search cancel

Powershell command to get information about Active Directory domain users and their properties.


Article ID: 174027


Updated On:


Data Loss Prevention Cloud Prevent for Microsoft Office 365 Endpoint Encryption


View an AD user's attributes during troubleshooting.

Permission Denied or doesn't have access to AD


Normal Domain users don't have Full access to AD due to security reasons.


OS: 2008, 2008R2, 2012, 2012R2, 2016, windows 10, etc.

Psversion: 4.0

Pscomaptible versions: {1.0, 2.0, 3.0, 4.0}


From Windows 10 or Windows 7, in order to use the Get-AdUser cmdlet, install the appropriate version of RSAT and enable the Active Directory Module for Windows PowerShell component from Control Panel (Programs > Turn Windows features on or off > Remote Server Administration Tools > Role Administration Tools > AD DS and AD LDS Tools > AD DS Tools).


1. Launch Powershell ISE as an administrator.

2. Type Get-aduser "user1" -Properties *

(This command returns a full list of AD attributes and their values associated with the user account)

3. To see the properties PasswordExpired, PasswordLastSet, or PasswordNeverExpires, open the formatting of Get-ADUser output and allow the necessary fields to be displayed:

Get-aduser "user1" -Properties PasswordExpired, PasswordLastSet, PasswordNeverExpires

Additional Information

180156 - How to obtain the Base DN or Bind DN Attributes for LDAP Directory Synchronization for Encryption Management Server